NetFlow Data Not Reaching Collector
Presenting Symptom
NetFlow data is not being received by the collector, and no flow records appear in the collector's interface.
Network Context
A small branch office with a Cisco ISR 4321 router running IOS XE 16.9. The router is configured to export NetFlow version 9 to a collector at 10.1.1.100 on UDP port 2055. The router has a single WAN interface (GigabitEthernet0/0/0) and a LAN interface (GigabitEthernet0/0/1). The collector is reachable via the WAN.
Diagnostic Steps
Verify NetFlow Export Configuration
show running-config | include flow
flow exporter EXPORTER
 destination 10.1.1.100
 transport udp 2055
flow monitor MONITOR
 exporter EXPORTER
 record netflow ipv4 original-input
interface GigabitEthernet0/0/1
 ip flow monitor MONITOR input
Check that the flow exporter, flow monitor, and interface application are configured. Missing any of these indicates incomplete configuration.
Check NetFlow Statistics
show flow monitor MONITOR statistics
Cache type: normal
Cache size: 1000
Current entries: 15
High water mark: 20
Flows added: 500
Flows aged: 485
Active flows timeout: 1800 sec
Inactive flows timeout: 15 sec
Exporting flows to exporter EXPORTER: 0
If 'Exporting flows to exporter' shows 0, the exporter is not sending data. Check exporter configuration and connectivity.
Verify Exporter Status
show flow exporter EXPORTER statistics
Exporter: EXPORTER
Destination: 10.1.1.100
Transport: UDP 2055
Packets exported: 0
Packets dropped: 0
Last failure: No failure
If packets exported is 0, the exporter is not sending. Check destination reachability and UDP port.
Test Connectivity to Collector
ping 10.1.1.100
!!!!!
If ping fails, there is a network connectivity issue. If ping succeeds, the problem is likely a firewall blocking UDP 2055 or a misconfigured collector.
Check for Firewall or ACL Blocking
show access-lists
Extended IP access list BLOCK_NETFLOW
 10 deny udp any any eq 2055
 20 permit ip any any
If an ACL is blocking UDP port 2055, NetFlow packets will be dropped. Look for deny statements matching the destination port.
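An added example (not part of the original page): a small Python first-match evaluator that runs a show access-lists listing against one packet, here the export datagram to 10.1.1.100 on UDP 2055. The router source address 192.0.2.1 and source port 50000 used with it are constructed placeholders, and the code assumes the text holds a single extended ACL with numeric ports.

```python
import ipaddress
import re

# Constructed sample in the format of the `show access-lists` output above.
SAMPLE = """\
Extended IP access list BLOCK_NETFLOW
    10 deny udp any any eq 2055
    20 permit ip any any
"""

def _addr(tok, ip):
    """Consume one address spec (any | host A | A WILDCARD); return (matched, rest)."""
    if tok[0] == "any":
        return True, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_address(tok[1]) == ip, tok[2:]
    base, wild = int(ipaddress.ip_address(tok[0])), int(ipaddress.ip_address(tok[1]))
    return (base | wild) == (int(ip) | wild), tok[2:]

def _port(tok, port):
    """Consume an optional port operator (eq/gt/lt/range); return (matched, rest)."""
    if tok and tok[0] in ("eq", "gt", "lt"):
        n = int(tok[1])
        return {"eq": port == n, "gt": port > n, "lt": port < n}[tok[0]], tok[2:]
    if tok and tok[0] == "range":
        return int(tok[1]) <= port <= int(tok[2]), tok[3:]
    return True, tok  # no operator present: any port matches

def first_match(acl_text, src, dst, sport, dport, proto="udp"):
    """Return (seq, action) of the first entry matching the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.splitlines():
        m = re.match(r"\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)", line)
        if not m or m.group(3) not in ("ip", proto):
            continue  # header line, or an entry for another protocol
        tok = re.sub(r"\(.*?\)", "", m.group(4)).split()  # drop "(N matches)" counters
        ok_src, tok = _addr(tok, src)
        ok_sp, tok = _port(tok, sport)
        ok_dst, tok = _addr(tok, dst)
        ok_dp, tok = _port(tok, dport)
        if ok_src and ok_sp and ok_dst and ok_dp:
            return int(m.group(1)), m.group(2)
    return None, "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # 192.0.2.1 and 50000 are constructed stand-ins for the router's export source.
    print(first_match(SAMPLE, "192.0.2.1", "10.1.1.100", 50000, 2055))
```

Running the same call against the ACL text captured before and after a change shows whether the export flow still reaches a permit entry.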
Root Cause
An inbound ACL on the WAN interface (GigabitEthernet0/0/0) is blocking UDP port 2055, preventing NetFlow export packets from reaching the collector.
Resolution
Verification
show flow exporter EXPORTER statistics
Expected output: Packets exported: 10 (increasing)
Also check the collector interface to see flow records appearing.
Prevention
1. Use a consistent UDP port for NetFlow and ensure it is permitted in all ACLs.
2. Implement logging on ACLs to detect blocked traffic.
3. Test NetFlow export after any ACL changes.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario may appear as a troubleshooting question where you must identify why NetFlow data is not being exported. The exam tests knowledge of NetFlow configuration components (exporter, monitor, record) and common issues like ACL blocking. Key fact: NetFlow uses UDP, and the destination port must be allowed.
Exam Tips
Remember that NetFlow export uses UDP; the collector must be reachable and the port open.
The 'show flow monitor statistics' command shows if flows are being exported; zero exports indicate a problem.
Always check ACLs on the egress interface if export is not working.